Clientless VPN and Java/Javascript

Reply
Highlighted
L1 Bithead

Clientless VPN and Java/Javascript

Hi

 

We have a clientless VPN and app set up to use https on tcp 8443 but the page is not displaying at all. Connectivity has been proven end to end so all the rules are in place.

The app points to a webserver that hosts a portal and uses Javascript.

 

Some debugging was carried out on the client browser side and a comparison of going through the clientless VPN and not going through the VPN showed the Palo inserting various code. I know the Palo does URL re-writes but can anyone explain what the "pan_eval((function()" and "?gp-7" is? I guess it's something to do with Java but unfortunately I have no experience of it.

 

Many thanks.

 

Paul.

 

These are some of the extracts from the debug whilst going through the VPN and the inserted elements:

<script src="https://xxx.xxx.xxx.254/global-protect/vpn-js/pan_js_all_181s.js"></script><base href="/http-8443/xxx.xxx.xxx.31/aiv/">

  <script type="text/javascript" src="assets/js/css-vars-ponyfill.min.js?gp-7"></script>

  <script type="text/javascript">

    pan_eval((function()

 

This whole content has been added by the Palo:

).toString().slice(12, -2),__pan_site_rules,1);</script>

  <link rel="stylesheet" href="assets/css/vendor/katex.min.css" defer />

  <link rel="stylesheet" href="assets/css/vendor/prism.css" defer />

  <link rel="stylesheet" href="assets/css/vendor/notebook.css" defer />

  <link rel="stylesheet" href="assets/css/nbpreview.css" defer />

  <link rel="stylesheet" href="assets/css/cssvariables.css" />

<link rel="stylesheet" href="styles.css"></head>

 

This is where ?gp-7 added

<body>

  <app-root></app-root>

  <script src="assets/js/jquery-3.4.1.min.js?gp-7" defer></script>

  <script src="assets/js/jquery.sparkline.min.js?gp-7" defer></script>

  <script src="assets/js/d3.min.js?gp-7" defer></script>

  <script src="assets/js/raw.js?gp-7" defer></script>

  <script src="assets/js/papaparse.min.js?gp-7" defer></script>

  <script src="assets/js/pivot.js?gp-7" defer></script>

  <script src="assets/js/jcf.js?gp-7" defer></script>

  <script src="assets/js/jsencrypt.js?gp-7" defer></script>

  <script src="assets/js/katex-0.6.0.js?gp-7" defer></script>

  

  <script type="text/javascript" src="assets/js/vendor/es5-shim.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/marked.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/ansi_up.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/prism.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/katex.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/katex-auto-render.min.js?gp-7" defer></script>

  <script type="text/javascript" src="assets/js/vendor/notebook.min.js?gp-7" defer></script>

 

<script src="runtime.js?gp-7"></script><script src="polyfills.js?gp-7"></script><script src="scripts.js?gp-7"></script><script src="main.js?gp-7"></script></body>

 

 


Accepted Solutions
Highlighted
L1 Bithead

Hi,

 

We finally got this working.

Under "Network\GlobalProtect\Clientless Apps" we had an application with the "Application Home URL" configured with an IP address rather than a URL with the server hostname. Once this was changed we could connect to the server OK.

 

Hope this helps.

 

Paul.

View solution in original post


All Replies
Highlighted
L0 Member

Hi all, I'm also facing the same issue. Seems like the javascript that global protect wraps stops it from loading. Has anyone found a solution to this?

Highlighted
L1 Bithead

Hi,

 

We finally got this working.

Under "Network\GlobalProtect\Clientless Apps" we had an application with the "Application Home URL" configured with an IP address rather than a URL with the server hostname. Once this was changed we could connect to the server OK.

 

Hope this helps.

 

Paul.

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!